compliance-as-a-crisis: managing cloud compliance

Post on 22-Jan-2018


Category:

Technology


TRANSCRIPT

Compliance-as-a-Crisis: Managing Cloud Compliance

Jeff Bennett, COO and President, Allgress

Brandon Bennett, VP of Customer Success, Allgress

Tricia Pattee, VP of Product, HOSTING

www.HOSTING.com 22www.allgress.com | www.hosting.com 2

Housekeeping

• This webinar is being recorded and an on-demand version will be available at the same URL at the conclusion of the webinar

• Please submit questions via the button on the bottom left of the viewer

• If we don’t get to your question during the webinar, we will follow up with you via email

• Download PowerPoint slides via the “Attachments” button below the viewing panel

• On Twitter [@HOSTINGdotcom] [@Allgress] or LinkedIn [HOSTING] [Allgress] . . . Be sure to follow for news, resources and announcements for future webinars!


Agenda

• Who We Are

• Industry Insights

• Cloud Compliance Pains

• Compliance in the (Public) Cloud

• Know Your Gaps

• Security & Compliance Solutions


About Allgress

Employees

2008

$

Livermore, CA

350

50%

50

Customers

Headquarters

Annual Growth Rate

FoundedEST


About HOSTING

• Headquarters: Denver, CO

• Customers: 2,000

• Annual Revenue: $100M

• 400+ Employees

• 6 U.S. Data Centers


Compliance Trends

• 80% of organizations are still not compliant [1]

• 70% of firms are expecting regulators to publish even more information within the next year [2]

• Only 29% of companies are compliant a year after validation [1]

• You could pay $100,000 a month for being non-compliant [1]

Sources:

[1] goanywhere.com blog

[2] Information Technology Group

[3] hipaajournal.com


The Staffing Pains

• Lack of staff to manage compliance

• High turnover of staff

• Difficulty meeting and maintaining compliance requirements (and the numerous updates)

• Lack the tools to protect and maintain compliance

• Lack expertise around compliance best practices

• Difficulty interpreting requirements

• Average investment is $250,000 annually


The Tool Pains

• No central data repository, overuse of spreadsheets

• Tools tend to be industry-specific and focused on discrete requirements

• High deployment costs (CAPEX v. OPEX)

• Length of time to deploy

• Steep learning curve – training and retraining

• Large investment for commercial tools


Who is Feeling the Most Pain

• Requires industry-specific compliance: HIPAA, HITRUST, PCI, SOC, HITECH

• Currently compiles data manually

• Failed a previous audit

• Lack of staff/knowledge to prepare for an audit

• Limited budget for compliance management

• Needs help identifying and classifying data correctly and accurately


Public Cloud Concerns

• Lack of visibility of where apps are located

• Reduced control of the environment

• Inadequate understanding of the shared responsibility model

• Security products being used / what controls are mapped

• How to document controls


Shared Responsibility Model

Demo


Compliance Services

Support

Platform management

Customer Managed

HOSTING Provided

Day-to-day compliance management

Requirement interpretation

Policy mapping

Audit preparation

Risk assessments

Support

Platform management

Basic compliance management

Requirement interpretation

Policy mapping

Audit preparation

Customer Managed

HOSTING Provided

Risk assessments

Vendor risk management

Support

Platform management

Basic compliance management

Requirement interpretation

Policy mapping

Audit preparation

Risk assessments

Vendor risk management

HOSTING Provided


The Unified Cloud Approach


Differentiators


Summary

Compliance regulations are rapidly increasing

Companies are understaffed and lack compliance expertise

Staff turnover is high

Non-compliance fines are substantial

By combining services with a fully featured software platform, companies experience:

1. Immediate deployment, expert compliance guidance, and a stable compliance process

2. Reduced costs in numerous areas: deployment, man hours, tool costs and audit costs

3. A lower cost for good services than they’d spend buying a compliance product separately (in most environments)


Book your complimentary Compliance Posture Evaluation, today!

For more information on how HOSTING can help guide your business to the cloud, go to www.HOSTING.com

Q&A


Appendix


HOSTING Security and Compliance Services

Explorer Voyager Pioneer

Access and Authentication

Network Security

Server Security

Compliance

SERVICE LEVELS

on-prem

Hybrid Solutions

Validated Security

Firewall Multi-factor Authentication VPN

Intrusion Detection Vulnerability Scan

Data Encryption Log Management Malware Protection

Patching File Integrity Monitoring

Compliance Dashboard Compliance Management

Consultative Risk Assessment

Self-Service and Managed Solutions Resilient infrastructure in any cloud

Tailored to meet business needs

Web App Firewall DDoS Mitigation


Compliance Services - Explorer

• Phone and Ticket Support

• Training and Onboarding

• Platform Management

• Notifications

• Assessment Tracking

• Vulnerability Tracking


Compliance Services - Voyager

• Explorer features PLUS

• Requirement Interpretation

• Policy Mapping

• Policy Creation & Adaption

• Vulnerability Review

• Audit Advisement


Compliance Services - Pioneer

• Voyager features PLUS

• Policy Tracking

• Vendor Risk Tracking

• Incident Tracking

• Risk Register Tracking

• Annual Risk Assessment


Overview of the Compliance Service Tiers

| Product | Explorer | Voyager | Pioneer |
|---|---|---|---|
| Support | | | |
| Phone & Ticket Support | x | x | x |
| Training and Onboarding | x | x | x |
| Platform Management | | | |
| Compliance Dashboard Infrastructure and Administration | x | x | x |
| Notifications | x | x | x |
| Assessment Management | x | x | x |
| Vulnerability Tracking | x | x | x |
| Policy Tracking | | | x |
| Vendor Risk Tracking | | | x |
| Incident Tracking | | | x |
| Risk Register Tracking | | | x |
| Guidance & Expertise | | | |
| Requirement Interpretation | | x | x |
| Policy and Control Mapping | | x | x |
| Policy Creation and Adaption | | x | x |
| Vulnerability Review | | x | x |
| Audit Advisement | | x | x |
| Annual Risk Assessment | | | x |


Assessment Module: Compliance Overview


Assessment Module: Progress Summary


Assessment Module: Key Risks Overview


Risk Module: Heat Map


Risk Module: Vendor Risk Management Summary


Project Task Timeline


Executive Dashboard
